1. Field of the Invention
The invention relates to a new method for transferring a data packet, e.g. a software sequence, between two communication terminals.
2. Description of the Prior Art
Until now communication terminals, such as cellular phones, are loaded with software when leaving the factory. The software is normally flashed into a flash ROM during the assembly of the terminal. A Master Software is copied into the terminal. During the product lifetime the software development continues. This means if minor software improvements are introduced after the launch of the terminal, the Master Software is amended so subsequently manufactured terminals contain copies of the amended version.
When a terminal has been sent for service the entire set of software instructions (the operative system of the terminal) will very often become updated by re-flashing a copy of the Master Software. The User will normally not notice any difference. The loading of software has been performed by inserting a plug into the terminal thus establishing an electronic connection.
However the assignee presented a Smart Messaging concept at the CeBIT fair in 1997. Hereby any GSM phone with the SMS (Short Message Service) capability can access the services. The Smart Messaging technology allows the GSM subscriber access to a wide range of new applications, such as information and xe2x80x9cinfotainmentxe2x80x9d services and the Internet. Services could include flight schedules, weather reports, stock news, currency rates, telebanking information, sports news and movie listings. Furthermore the concept may be used for downloading software sold in aftersale. For example, new ringing tones may be downloaded Over The Air (OTA),
Communication terminals such as cellular phones have yet to be type approved in order to ensure that the activity of the terminal does not interact with the network or other types of electronic equipment in an unintended or unfavorable manner. Therefore both the manufacturer and the owner of such a communication terminal have a need for securing the terminal against unauthorized software loading into the phone.
According to one aspect of the present invention there is provided a method of transferring a data packet from a providing communication terminal to a requesting communication terminal, wherein said requesting communication terminal transfers a message to the providing communication terminal including a request for receiving the data packet and a first unique identification code identifying the requesting communication terminal; said providing communication terminal verifies the validity of the first unique identification code, and upon a successful verification, responds by transferring a message to the requesting communication terminal including the requested data packet and a second unique identification code; and said requesting communication terminal verifies the validity of the second unique identification code, and upon a successful verification, stores the data packet accordingly.
Hereby, in embodiments of the invention, the providing communication terminal has an opportunity to verify the identity of the requesting communication terminal before the delivery of the data packet. By controlling the validity of the second unique identification code the requesting communication terminal may verify the identity of the providing communication terminal and thereby check whether the data packet is provided by an authorized provider or not. If the data packet is deemed to be provided by an authorized provider the requesting communication terminal stores the received data packet and if the data packet includes a computer program or parts thereof the terminal automatically runs the required setup routines.
In cellular communication systems the providing communication terminal may advantageously be a fixed unit which is a part of a wireless communication network, while the requesting communication terminal then may be a mobile unit communicating via said wireless communication network.
In a cellular system as for example the GSM network the requesting communication terminal may be a GSM phone and the first unique identification code may include an International Mobile Equipment Identity (IMEI) code. The IMEI code uniquely identifies the phone and includes a Type Approval Code (TAC), a Final Assembly Code (FAC) identifying the assembly plant and a serial number (SN). In total the IMEI code includes 15 digits. In the GSM system its is a part of the standard that the mobile stations (phone) transfer their IMEI code to the network operator in response to a request (RIL3-MM IDENTITY REQUEST message), and these requests are given in order to identify the phone, for example upon location update or in order identify failures in the system.
A Master Password is defined by the administrator of the providing communication terminal. Phones or a communication terminal supporting the data packet verification method according to embodiments of the invention, are each provided with a phone password. The phone password is stored in the phone and is calculated by combining the IMEI number and the Master Password by means of a secure hash algorithm, such as a public key algorithm (for example, the MD5 algorithm from the RSA Data Security Company). The MD5 algorithm is a one-way hash function producing a 128 bit hash value (16 byte) from input messages of arbitrary length.
When the administrator of the providing communication terminal transmits the data packet the phone password calculated based on the Master Password may be used for the calculation of the second unique identification code. This second unique identification code is calculated by combining the code image of the data packet to be sent and the phone password by means of an secure hash algorithm, such as the MD5 algorithm . The code image and the second unique identification code is then transferred to the requesting communication terminal. The requesting communication terminal separates the code image and combines this and the phone password stored in the phone by means of an secure hash algorithm, such as the MD5 algorithm to obtain another signature. Then the requesting communication terminal compares the received second unique identification code and said calculates another signature. When the comparison shows that the codes are identical the requesting communication terminal deems the received code image to authenticated and stores the data accordingly.
Furthermore a successful verification of authentication of the received data packet indicates that the data packet is free from bit errors occurring during the transmission.
According to another aspect of the present invention there is provided a wireless communication network in which a data packet may be transferred securely from a providing communication terminal to a requesting communication terminal, wherein said requesting communication terminal comprises means for transmitting a message to the providing communication terminal, said message includes a request for the data packet and an identification of itself by means of a first unique identification code; said providing communication terminal includes means for verifying the validity of the first unique identification code, and means for transmitting a message, upon a successful verification, to the requesting communication terminal, said message includes the requested data packet and a second unique identification code; said requesting communication terminal comprises means for verifying the validity of the second unique identification code; and the requesting communication terminal includes means for storing the data packet, upon a successful verification of the validity of the received message. This network is able to ensure that unauthorized programs are not downloaded via the network to the communication terminals connected thereto. Otherwise the communication traffic could be affected.
According to a further aspect of the present invention there is provided a computer program product for handling the verification of the transfer of a data packet from a providing communication terminal to a requesting communication terminal, and comprising a computer useable medium in a providing communication terminal having computer readable program code means embodied therein for handling verification of a communication unit requesting a data packet to be transferred over a wireless network from providing communication terminal to the requesting communication unit, the computer readable program code means in the computer program product comprising computer readable program code means for identifying a request for the data packet and a first unique identification code for the mobile unit included in a message received by said providing communication terminal; computer readable program code means for verifying the validity of the first unique identification code; computer readable program code means for setting up a response message to the mobile unit upon a successful verification, said responding message includes the requested data packet and a second unique identification code. This program will normally be running on a computer controlled by a service provider, software provider or the manufacture of the requesting communication units.
Another computer program product according to this further aspect of the invention may run on the requesting communication terminal for handling the verification of the transfer of a data packet from a providing communication terminal to a requesting communication terminal, and comprises a computer useable medium in a mobile unit having computer readable program code means embodied therein for handling a request of a data packet and the verification of the data packet when received via a wireless network from providing communication terminal, the computer readable program code means in the computer program product comprises computer readable program code means for setting up a message to the providing communication terminal, said message includes a request for the data packet and an identification of the mobile unit by means of a first unique identification code; computer readable program code means for identifying the requested data packet and a second unique identification code in the responding message: from the providing communication terminal; computer readable program code means for verifying the validity of the second unique identification code; and computer readable program code means for storing the data packet, upon a successful verification of the validity of the received message.
According to a further aspect of the present invention there is provided a mobile unit for communicating with a providing communication terminal via a wireless communication network, comprises means for transmitting a message to the providing communication terminal, said message includes a request for the data packet and an identification of the mobile unit by means of a first unique identification code; means for receiving a responding message from the providing communication terminal, said responding message includes the requested data packet and a second unique identification code; means for verifying the validity of the second unique identification code; and means for storing the data packet, upon a successful verification of the validity of the received message. Such a mobile unit may be a cellular phone, and the phone will then be able to check whether a software code included in a received data packet may be stored in the phone.
According to a further aspect of the present invention the providing communication terminal is a fixed unit which is a part of a wireless communication network. The fixed part comprises means for receiving a message from a mobile unit, said message includes a request for the data packet and an identification of the mobile unit by means of a first unique identification code; means for verifying the validity of the first unique identification code; and means for transmitting a responding message, upon a successful verification, to the mobile unit, said responding message includes the requested data packet and a second unique identification code. Hereby the software provider will have an opportunity to check whether the requesting phone will be allowed to receive the requested data packet.
In order to secure that only authenticated additional software is downloaded into to a phone. This additional software need to be verified for the following:
1. The software originated from a reputable source and can be expected to be well-behaved.
2. The software is indeed licensed for the particular phone it is downloaded into, so it can be expected to the owner of the software has been duly compensated.
This verification (or digital signature) relies on some secret information being available only to authorized software producers, and the ability to verify knowledge of the secret in the phone.
The binding of software to a particular phone relies on an unalterable ID being available in the phone, and having a mechanism that can prevent software from running if the software is configured for a different ID.